Description
A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords.
References (2)
Core 2
Core References
Third Party Advisory government-resource
broken-link
https://www.usom.gov.tr/bildirim/tr-22-0269
Government Resource government-resource
https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-22-0269
Scores
CVSS v3
7.7
EPSS
0.0073
EPSS Percentile
49.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H
Details
CWE
CWE-305
Status
published
Products (2)
mepsan/stawiz_usc\+\+
< 3.0
Mepsan/USC+
unspecified - 3.0
Published
Mar 30, 2022
Tracked Since
Feb 18, 2026